Cato Client - Local Privilege Escalation via OpenSSL Configuration File (CVE-2024-6975)
The OpenSSL implementation in the winvpnclient.cli.exe service executable is configured to load an openssl.cnf file from a location that does not …
SafeGuard for Privileged Passwords (SPP) virtual appliance images contain a hard-coded cryptographic key (CWE-321). An attacker can exploit this key to forge arbitrary session cookies, allowing them to authenticate as any known user and gain administrative access to the application.
Note: Technical details are being withheld temporarily to provide organisations sufficient time to apply the necessary patches. A full technical write-up will be published on the AmberWolf blog at a later date.
Bypassing authentication as a privileged user grants full administrative control over the service, including access to sensitive stored credentials (e.g., managed accounts or personal password vaults).
Versions earlier than 7.0.5.1 LTS, 7.4.2, and 7.5.2 of the virtual appliance (on VMware and Hyper-V) are affected.
One Identity has stated that non-virtualized platforms, such as the physical appliance, and cloud-based platforms are not affected by this vulnerability.
One Identity has released fixes in versions 7.0.5.1 LTS, 7.4.2, and 7.5.2. Users should follow the vendor’s recommendations outlined in the referenced articles to update their installations.
The Cato Client was found to use an insecure temporary folder for downloading and processing updates.